mjgdunne Posted April 29, 2008 Share Posted April 29, 2008 Hi i have a login page and i am using the following code to start the session if login is correct, now i need to put some authentication on the page below, any help would be great im new to php, thanks. ??? <?php session_start(); if(!session_is_registered(myusername)){ header("location:main_login.html"); } ?> <html> <head> <title>Car Rentals & Returns</title> <meta http-equiv="Content-Type" content="text/html" /> <link href="style2.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper3"> <img src="images/cars.jpg" width="996" height="100"></a> <TABLE BGCOLOR="#F0F8FF" BORDER=0 CELLPADDING=10 WIDTH=100%> <tr> <td align="center"> <H1>Main Menu Administrator</H1> </td> </table> <TABLE BGCOLOR="#F0F8FF" BORDER=0 CELLPADDING=10 WIDTH=100%> <tr> <TD ALIGN=CENTER VALIGN=TOP WIDTH=50> </TD> <TD ALIGN=LEFT VALIGN=TOP WIDTH=83%> </TABLE> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="addnewuser.html"> <input type="submit" class="mybutton" value="Add new employee"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="search_emp.html"> <input type="submit" value="Search for employee" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="customer_2.html"> <input type="submit" value="Add new customer" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="search2.html"> <input type="submit" value="Search for customer" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="load.html"> <input type="submit" value="Add new car" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="car.html"> <input type="submit" value="Search for car" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="Logout.php"> <input type="submit" value="Logout" class="mybutton"/><BR><BR><BR></TD> </tr> </form> </table> </td> </form> </tr> </table> </BODY> </HTML> Quote Link to comment Share on other sites More sharing options...
947740 Posted April 29, 2008 Share Posted April 29, 2008 If you want authentication, you need a database with user passwords, info, etc. You would then compare the password with the one in the database. With the password storage, I would use md5() to encrypt the passwords so they are not plain text in the database. You then use md5() on the password entered by the user and compare it to the one in the database (along with the username they enter). Do you want it broken down to the specifics? Quote Link to comment Share on other sites More sharing options...
mjgdunne Posted April 29, 2008 Author Share Posted April 29, 2008 Hi sorry my explaination was not great, i have a database set up with users who login with user name and password and when the user logs in i am sending the user to the page that i posted, i have it saved as login_success.php, any help would be great. Quote Link to comment Share on other sites More sharing options...
947740 Posted April 29, 2008 Share Posted April 29, 2008 So, all you want to do is figure out how to log them in? Quote Link to comment Share on other sites More sharing options...
mjgdunne Posted April 29, 2008 Author Share Posted April 29, 2008 No i have them logged in, my problem is anybody can view the page that i attached if they have the link, can i use sessions to reject people who are not logged in? ??? Quote Link to comment Share on other sites More sharing options...
947740 Posted April 29, 2008 Share Posted April 29, 2008 Yes. When they login, set $_SESSION['loggedin'] = "true". On all pages dependent on logins, use: if($_SESSION['loggedin'] != "true") { header("Location: homefile.php"); } else { // User dependent info here } Quote Link to comment Share on other sites More sharing options...
mjgdunne Posted April 29, 2008 Author Share Posted April 29, 2008 Thanks, i added the code as below: The document is saved as login_success.php, do i need to add something else to wrap the php onto the html? <?php if($_SESSION['loggedin'] != "true") { header("Location: main_login.html"); } else { <html> <head> <title>Car Rentals & Returns</title> <meta http-equiv="Content-Type" content="text/html" /> <link href="style2.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper3"> <img src="images/cars.jpg" width="996" height="100"></a> <TABLE BGCOLOR="#F0F8FF" BORDER=0 CELLPADDING=10 WIDTH=100%> <tr> <td align="center"> <H1>Main Menu Administrator</H1> </td> </table> <TABLE BGCOLOR="#F0F8FF" BORDER=0 CELLPADDING=10 WIDTH=100%> <tr> <TD ALIGN=CENTER VALIGN=TOP WIDTH=50> </TD> <TD ALIGN=LEFT VALIGN=TOP WIDTH=83%> </TABLE> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="addnewuser.html"> <input type="submit" class="mybutton" value="Add new employee"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="search_emp.html"> <input type="submit" value="Search for employee" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="customer_2.html"> <input type="submit" value="Add new customer" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="search2.html"> <input type="submit" value="Search for customer" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="load.html"> <input type="submit" value="Add new car" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="car.html"> <input type="submit" value="Search for car" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="Logout.php"> <input type="submit" value="Logout" class="mybutton"/><BR><BR><BR></TD> </tr> </form> </table> </td> </form> </tr> </table> </BODY> </HTML> } ?> Quote Link to comment Share on other sites More sharing options...
947740 Posted April 29, 2008 Share Posted April 29, 2008 To output the html correctly, do this: <?php if($_SESSION['loggedin'] != "true") { header("Location: main_login.html"); } else { ?> <html> <head> <title>Car Rentals & Returns</title> <meta http-equiv="Content-Type" content="text/html" /> <link href="style2.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper3"> <img src="images/cars.jpg" width="996" height="100"></a> <TABLE BGCOLOR="#F0F8FF" BORDER=0 CELLPADDING=10 WIDTH=100%> <tr> <td align="center"> <H1>Main Menu Administrator</H1> </td> </table> <TABLE BGCOLOR="#F0F8FF" BORDER=0 CELLPADDING=10 WIDTH=100%> <tr> <TD ALIGN=CENTER VALIGN=TOP WIDTH=50> </TD> <TD ALIGN=LEFT VALIGN=TOP WIDTH=83%> </TABLE> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="addnewuser.html"> <input type="submit" class="mybutton" value="Add new employee"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="search_emp.html"> <input type="submit" value="Search for employee" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="customer_2.html"> <input type="submit" value="Add new customer" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="search2.html"> <input type="submit" value="Search for customer" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="load.html"> <input type="submit" value="Add new car" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="car.html"> <input type="submit" value="Search for car" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="Logout.php"> <input type="submit" value="Logout" class="mybutton"/><BR><BR><BR></TD> </tr> </form> </table> </td> </form> </tr> </table> </BODY> </HTML> <?php } ?> Quote Link to comment Share on other sites More sharing options...
mjgdunne Posted April 29, 2008 Author Share Posted April 29, 2008 Hi i changed that code, here is my checklogin script maybe i have done something wrong here: Thanks for your help. <?php session_start(); ini_set( 'display_errors', '1' ); error_reporting ( 2047 ); $host="localhost"; // Host name $username="root"; // Mysql username $password="root"; // Mysql password $db_name="test"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "root", "root")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from signup form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result = mysql_query($sql); if($result === false){ exit('db error: ' . mysql_error()); } // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // assign $_SESSION variables: $myusername, $mypassword and redirect to file "login_success.php" $valuesLogin = mysql_fetch_array($result); $mylevel = $valuesLogin['level']; $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; if($mylevel == 1){ $_SESSION['loggedin'] = "true"; header('Location: login_success.php'); } elseif($mylevel == 2){ $_SESSION['loggedin'] = "true"; header('Location: login_success2.php'); } else{ $_SESSION['loggedin'] = "true"; header('Location: login_success3.php'); } } else { header("location:login_failure.php"); // echo "Wrong Username or Password"; } exit(); ?> Quote Link to comment Share on other sites More sharing options...
947740 Posted April 29, 2008 Share Posted April 29, 2008 Move the $_SESSION['loggedin'] = "true" to right after the if($count==1) { statement, along with the other session variables. Quote Link to comment Share on other sites More sharing options...
mjgdunne Posted April 29, 2008 Author Share Posted April 29, 2008 Hi thanks, it does block the page and redirect to the login page, only problem is that it doesnt allow me to log in at all now. Here is where i placed the code, maybe i got it wrong: if($count==1){ // assign $_SESSION variables: $myusername, $mypassword and redirect to file "login_success.php" $valuesLogin = mysql_fetch_array($result); $mylevel = $valuesLogin['level']; $_SESSION['loggedin'] = "true"; $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; if($mylevel == 1){ header('Location: login_success.php'); } elseif($mylevel == 2){ header('Location: login_success2.php'); } else{ header('Location: login_success3.php'); } } else { header("location:login_failure.php"); // echo "Wrong Username or Password"; } exit(); ?> Quote Link to comment Share on other sites More sharing options...
947740 Posted April 29, 2008 Share Posted April 29, 2008 Use this instead of the previous code (you have to start the session to check the variable): <?php session_start(); if($_SESSION['loggedin'] != "true") { header("Location: main_login.html"); } else { ?> <html> <head> <title>Car Rentals & Returns</title> <meta http-equiv="Content-Type" content="text/html" /> <link href="style2.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper3"> <img src="images/cars.jpg" width="996" height="100"></a> <TABLE BGCOLOR="#F0F8FF" BORDER=0 CELLPADDING=10 WIDTH=100%> <tr> <td align="center"> <H1>Main Menu Administrator</H1> </td> </table> <TABLE BGCOLOR="#F0F8FF" BORDER=0 CELLPADDING=10 WIDTH=100%> <tr> <TD ALIGN=CENTER VALIGN=TOP WIDTH=50> </TD> <TD ALIGN=LEFT VALIGN=TOP WIDTH=83%> </TABLE> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="addnewuser.html"> <input type="submit" class="mybutton" value="Add new employee"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="search_emp.html"> <input type="submit" value="Search for employee" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="customer_2.html"> <input type="submit" value="Add new customer" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="search2.html"> <input type="submit" value="Search for customer" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="load.html"> <input type="submit" value="Add new car" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="car.html"> <input type="submit" value="Search for car" class="mybutton"/></TD> </tr> </form></table> <TABLE BGCOLOR="#F0F8FF" WIDTH=100%> <TR><TD ALIGN="center"> <form method="post" action="Logout.php"> <input type="submit" value="Logout" class="mybutton"/><BR><BR><BR></TD> </tr> </form> </table> </td> </form> </tr> </table> </BODY> </HTML> <?php } ?> Quote Link to comment Share on other sites More sharing options...
mjgdunne Posted April 29, 2008 Author Share Posted April 29, 2008 Thanks, that allows me to log in now, except if i place the link in the browser it still brings me to the page. Quote Link to comment Share on other sites More sharing options...
947740 Posted April 29, 2008 Share Posted April 29, 2008 What link are you talking about? Quote Link to comment Share on other sites More sharing options...
mjgdunne Posted April 29, 2008 Author Share Posted April 29, 2008 Like if i have the link to the page that i want to view, it still allows me to see it. Quote Link to comment Share on other sites More sharing options...
947740 Posted April 29, 2008 Share Posted April 29, 2008 Are you saying if you have a link to a page you need to be logged into it allows you to go there even if you are logged out? If so, in your logout script do a session_destroy(); to destroy the session. If you still need some session info, just reset $_SESSION['loggedin'] = "false";. Quote Link to comment Share on other sites More sharing options...
mjgdunne Posted April 29, 2008 Author Share Posted April 29, 2008 Sorry i hadnt killed the session, it works now. Thanks for your help. Quote Link to comment Share on other sites More sharing options...
947740 Posted April 29, 2008 Share Posted April 29, 2008 You are very welcome. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.